General

  • Target

    18106a3e4dc0919534f3d944dc1b13849a906dcb4294d9c1b3590055578edd19

  • Size

    122KB

  • Sample

    221120-lbyvtafe78

  • MD5

    4b684c5f7ea1de6143d73e586f9529d0

  • SHA1

    ea5dcf773cac8b546cb19012fd515da5083e56d3

  • SHA256

    18106a3e4dc0919534f3d944dc1b13849a906dcb4294d9c1b3590055578edd19

  • SHA512

    422d7b8977359f8c2d66ff4ce07c73b915efb63ecdef201cde1968fde67753aadffbd02fa4a6f0d94f59ef7f1496768df937f09b676d97fa46ab54d79dfcc712

  • SSDEEP

    3072:CjOer6cEmf/49va0TyZFcdmhYwxTS/o6:WOehE7Za0GgeYwxTS/o6

Malware Config

Extracted

Family

pony

C2

http://mail.yaklasim.com:8080/ponyb/gate.php

http://reubenpacheco.com/ponyb/gate.php

http://plasticsurgeonnewsletters.com/ponyb/gate.php

http://whatcausesyeastinfectionsinwomen.com/ponyb/gate.php

Attributes

  • payload_url

    http://000023p.rcomhost.com/En3.exe

    http://embeddedcoaching.org/gkn6Njtq.exe

    http://faithbibleweb.org/i2UFx.exe

    http://grandns.net/ZaavGm.exe

Targets

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks